Visual Analysis of Goal-Directed Network Defense Decisions

Security visualization has been focused largely on graphic representation of data and relationships between network activity, security sensor output, and attacker activity. Visual analysis tools have not been designed to facilitate the analysis of data related to defender activities and decisions. This paper reports on the initial effort of a research team to use visual analytics to support the modeling of the computer network defense (CND) decision process of an organization. We describe a tool to support the visual analysis of a hierarchical decision structure represented in a portable, file-based database. The tool visualizes and traces relationships between decision goals, sub-goals, decisions, information requirements, and data sources.